Every year as Europe wakes up from the cold winter to the warm days of spring, BlackHat traditionally descends on Amsterdam. This year’s conference is taking place on March 14-15 at the NH Grand Hotel Krasnapolsky, right on Dam Square, the heart of Amsterdam. As spring doesn’t necessarily equal warm days here in Europe right now, the 500 or so BlackHat participants hit the conference rooms to attend quite a few interesting talks. Here’s a summary of the best talks at BlackHat Europe 2013.
The conference kicked off with a keynote delivered by Rickard “Rick” Falkvinge, founder of the Swedish Pirate Party. His talk “Shelters or windmills: the struggle for power and information advantage” touched on a very important aspect of today’s world: the power of information and how information has been shaping the decisions of those who have it, from monks in the distant past to governments and corporations nowadays. Rick pointed out how history repeats itself, explaining that there will always be efforts against the development of technologies that would enable the masses to have access to that information, be it the printing press or a new technology such as the internet.
Keynote speech, aka ‘I don’t know how but I am a politician now’.
The talk “A perfect crime? Only time will tell” by Tal Be’ery and Amichai Shulman showed how they took their 2012 CRIME (Compression Ratio Info-leak Made Easy) attack against SSL to a new level. This year they’ve introduced TIME (Timing Info-leak Made Easy), which covers scenarios where CRIME had some limitations. While CRIME was solely aimed at HTTP requests, TIME is designed to attack HTTP responses.
“Off-grid communications with Android - meshing the mobile world” was an especially interesting session if you’re into mobile stuff. Josh Thomas and Jeff Robble presented the challenges of connecting Android devices directly to each other in a headless dynamic mesh network, while actually doing it reliably, efficiently and, most important of all, securely. Their project is called SPAN, which stands for Smart Phone AdHoc Networks. It basically allows resilient communications between mobile devices without any existing infrastructure other than the devices themselves.
The lack of reliable network connectivity (no wonder) heavily stressed the live demo session :).
“Hardening Windows 8 Apps for the Store” by Marc Blanchou touched on security and privacy, two important concerns when it comes to the mobile world, from the perspective of Microsoft as a new player on a field already dominated by Android and iOS. Marc explained several changes in the architecture of Windows 8 apps, including the way the system takes care of important security aspects such as encrypted communications by transparently allowing apps to access remote resources just as they would access local ones. Topics discussed included the security implications of HTML5, backend services, cloud computing and WinRT.
Stefan Tanase and Stefano Ortolani